Security, Trust, & Privacy

Security

For any security-related questions, feel free to contact us at [email protected].

Infrastructure security

We depend on the following subprocessors, roughly organized from most critical to least. Note that code data is sent up to our servers to power all of Cursor’s AI features (see AI Requests section), and that code data for users on privacy mode (legacy) is never persisted (see Privacy Mode Guarantee section).

Explore how each mode affects how data is sent and stored

Privacy Mode↓Explore how each mode affects how data is sent and stored.

  • AWS:

    Our infrastructure is primarily hosted on AWS, with servers located in the US, and backup servers distributed in Europe and Asia.

  • Google Cloud Platform (GCP):

    Some secondary infrastructure is hosted on Google Cloud Platform (GCP). All of our GCP servers are in the US.

  • MongoDB:

    We use MongoDB for some of our analytics data, for users who do not have privacy mode enabled.

  • Amplitude:

    We use Amplitude for some of our analytics data. No code data is stored with Amplitude; only event data such as "number of Antes creation attempts".

  • Slack:

    We use Slack as our internal communication tool. We may send snippets of prompts of non-privacy users in our internal chats for debugging.

  • Google Workspace:

    We use Google Workspace to collaborate. We may send snippets of prompts of non-privacy users in our internal emails for debugging.

  • Linear: We use Linear to track issues and collaborate.

Vulnerability disclosures

If you believe you have found a vulnerability in Ante, please submit the report to [email protected]

We commit to acknowledging vulnerability reports within 10 business days, and addressing them as soon as we are able to.

Trust Assumptions

Ante

  1. Ante does not have control over any user accounts (wallets or Safes) and has no ability to steal or recover funds from user wallets or Safes.

Privy

We use Privy to generate wallets for people using email or other authentication methods.

  1. If you sign up via email and do not set up a backup, theoretically Privy can rug your vault. This could be achieved by introducing malicious code into Privy codebase.

    1. In order to avoid this users should back up their account or set a passphrase AND they should also export their embedded wallet and keep the PK safe

Guardians & Recipients

  1. Guardians and Recipient could collude to prevent the owner from checking in order to withdraw funds from a vault

  2. User trusts all multisig owners of the guardian

  3. A malicious Guardian(s) could delay asset handoff indefinitely by never finalizing the handoff.

  4. If a vault has multiple owners, each owner implicitly trusts all the other owners of the vaults

Others

  1. Email provider

    1. Email accounts are only as safe as you keep your email account

  2. Owner trusts any other external interfaces to interact with Ante V1 vaults (e.g. if they use gnosis safe default interface, they trust the source they are loading the interface)

Privacy

Analytics

We are using Segment Analytics for tracking app activity.

We are explicitly tracking app interactions like: button clicks, successfully submitted transactions, etc. attaching only the following fields:

  • version of the app

  • URL on which the user executed the action

  • the name of the action

  • the vault address & chain ID - when applicable

  • the Privy unique user ID

Segment appends other common fields when the request reaches their servers. A list of what they are tracking can be found here: https://segment.com/docs/connections/spec/common/

Email privacy

We are using Privy as authentication layer, meaning that linking a email address to your account discloses the association between your wallet address and your email address to both Ante and Privy.

Our API ensures that:

  • For EOA users, if they have a linked email address, it is never displayed in the app and that address is used only for sending notifications.

  • For email users, their email address is disclosed only to participants of the same vault according to the following permissions. The following examples assume all participants are email users.

    • Vault Owner can view email addresses of Guardians and Recipient

    • Guardians can view only the email address of Vault Owner

    • Recipient can view only the email address of Vault Owner

    • Anonymous user cannot view any email address

Last updated